Cyber Criminals Are Aiming At Business

2018 has been the year when crypto-miners first dethroned ransomware as the most prevalent threat due to a meteoric spike in Bitcoin value in late 2017, then slowly trailed off when it began to nosedive.
 
It’s also been the year of the mega breach (Facebook, Marriott, MyHeritage, Quora, etc.), the year when extortionists and sextortionists began increasingly capitalising on stale PII from old breaches, and the year when malicious spam replaced exploits as the favorite attack vector. Finally, 2018 has also been the year when cybercriminals definitely realised businesses are juicier targets than individuals.
 
“Over the year, we have seen more attacks against businesses, more detections of malware on their endpoints, and a greater focus on what cybercriminals consider a more lucrative target,” Malwarebytes shared in its latest yearly State of Malware report.
 
“In fact, four of our top seven business detections increased by more than 100 percent from 2017 to 2018.”
 
The biggest malware threats
Trojans – a broad designation used for malware that does not fall directly into spyware or adware or backdoor categories – tops the list of Malwarebytes’ most common business detections in all regions of the globe.
The category was topped by the Emotet family, which uses exploits (e.g., EternalBlue) to compromise unpatched systems, credential brute forcing to move laterally throughout corporate networks, and its built-in spam module to send out malicious spam and infect systems outside the network.
 
“Spyware detections have climbed significantly due to similar variants and families of Emotet and TrickBot being identified as spyware in the wild—a clear sign of the focus threat actors have placed on information stealing and establishing holds on corporate networks,” the researchers noted.
 
Emotet and TrickBot are former banking Trojans with have evolved into droppers with multiple modules for spam production, lateral propagation through networks, data skimmers, and even crypto-wallet stealers, in other words, ideal tools for stealing ultra-sensitive data from businesses.
 
Trickbot often accompanies Emotet, as the latter drops the former as a secondary payload. Like Emotet, it exploits a SMB vulnerability (with the EternalRomance exploit) for lateral movement inside a network.
 
Ransomware is also being pushed more onto businesses. SamSam-wielding criminals continue to target organisations in many verticals, and it has recently been shared by CrowdStrike and FireEye researchers that a cybercriminal group dubbed Grim Spider has been using the Ryuk ransomware to exclusively target enterprises which have previously been compromised via the TrickBot Trojan.
 
Other notable threats in 2018 were website data-harvesting attacks (Magecart), malicious browser extensions, plugin and browser exploits, IoT malware, and various scams.
 
What’s to Come?
With the proviso that they can only make educated guesses about the likely 2019 threats and trends, the researchers have shared their predictions for the year.
 
Interspersed among the expected ones, more IoT botnets, the slow death of crypto mining on desktops, the increase of frequency and sophistication of digital skimming, SMB vulnerabilities continuing to be challenging for organizations – are some uncommon ones:
• Sound loggers – keyloggers that are able to listen to the cadence and volume of tapping to determine which keys are struck on a keyboard, will slip into the wild.
• AI will be used to create and modify malicious executables in order to avoid being detected by deployed security tools.
• Bring Your Own Security (BYOS). “More and more consumers are bringing their own security to the workplace as a first or second layer of defense to protect their personal information,” the researchers concluded.
 

HelpNetSecurity:

You Might Also Read:

The Attack Surface Is Growing Faster Than Ever:

« US Intelligence Chief Warns Of ‘ever more diverse’ Threats
Hackers Use PayPal To Go Phishing »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cloud Security Alliance (CSA)

Cloud Security Alliance (CSA)

The CSA is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing

BMC Software

BMC Software

BMC provide solutions for IT service management, Cloud management, IT workload automation, IT operations, and mainframe system management.

LEXFO

LEXFO

LEXFO specializes in the security of information systems, assisting clients in protecting information assets using an offensive and innovative approach.

Acutec

Acutec

Acutec is an award winning IT support, services and solutions provider including managed IT Security and backup/disaster recovery.

WeSecureApp (WSA)

WeSecureApp (WSA)

WeSecureApp is specialized in providing Cyber Security Solutions to safeguard your applications and networks.

Computest

Computest

Computest security testing services include Mobile app security, Vulnerability assessments, Attack & penetration testing, Security awareness training, Network security assessments.

Sqreen

Sqreen

Sqreen is a web application security monitoring and protection solution helping companies protect their apps and users from attacks.

Approachable Certification

Approachable Certification

Approachable Certification is a UKAS accredited certification body offering down-to-earth and competitively priced audits against ISO Management Systems standards.

DDOS-Guard

DDOS-Guard

DDoS-GUARD is one of the leading service providers on the global DDoS protection and content delivery markets.

Cloud & Cyber Security Expo

Cloud & Cyber Security Expo

Cloud & Cyber Security Expo is the UK’s largest cloud and cyber security event.

Alias Robotics

Alias Robotics

Alias Robotics is a robot cyber security company. We deliver cyber security solutions for robots and robot components.

Pyxsoft PowerWAF

Pyxsoft PowerWAF

Pyxsoft PowerWAF responds to the problem of business cybersecurity. We protect our clients' websites and data against attacks and exploitation of all kinds of vulnerabilities.

Fenix24

Fenix24

Fenix24 is an industry leader in the incident-response space. We ensure the fastest response, leading to the full restoration of critical infrastructure, data, and systems.

Jera IT

Jera IT

Jera IT provide fully managed IT support, cybersecurity services, telecoms systems, and IT strategy consultancy to businesses based in Aberdeen and the surrounding area.

Orca Tech

Orca Tech

Orca Tech brings together a portfolio of complimentary vendor in the IT security industry to help provide a complete solution to meet the requirements of our Partners across all sectors.

RAH Infotech

RAH Infotech

RAH Infotech is India’s leading value added distributor and solutions provider in the Network and Security domain. We are specialists in Enterprise and App Security and Application Delivery.